Feeds

Call yourself a 'hacker', watch your ex-boss seize your PC without warning

Court rules coder's computer can be suddenly snatched in 'software knockoff' spat

Secure remote control for conventional and virtual desktops

A US district court has ruled that self-confessed "hackers" have all the skills needed to swiftly destroy evidence, allowing anyone suing them to seize their equipment without warning.

The court in Idaho decided that a software developer’s computer could be confiscated without prior notice primarily because his website stated: “We like hacking things and don’t want to stop.”

The ruling [PDF] came down in a case brought by Battelle Energy Alliance against ex-employee Corey Thuen and his company Southfork Security.

Thuen, while working for Battelle, helped develop an application today known as Sophia, which fires off alerts if it detects industrial control equipment coming under electronic attack. Battelle – which was tasked with beefing up the computer security of US electricity plants, energy sources and other critical sites – wanted to license this technology, but Thuen hoped to open source the code, according to the plaintiffs.

Sophia, which had been in development since 2009, underwent testing in 2012 and attracted the attention of power companies.

Thuen left Battelle before setting up Southfork Security. According to Battelle, Southfork Security competed against other firms to license Sophia from Battelle before withdrawing in April 2013, a month before an outfit called NexDefense was awarded the right to negotiate an exclusive commercial licence.

Around the same time, in May 2013, Southfork Security began marketing a “situational awareness” program called Visdom that Battelle alleges is a knockoff of Sophia.

Battelle Energy Alliance sued Thuen, claiming that Visdom was based on stolen code, and accused Southfork and Thuen of copyright infringement, trade secret misappropriation and breach of contract, among other allegations, according to legal filings seen by The Register.

What elevates the case from a run-of-the-mill intellectual property dispute is that Battelle persuaded the court to allow it to seize Thuen's computer to copy its files. The district court ruled that the programmer has the skills, as a "hacker", to release the contested code publicly, cover his tracks, and destroy any evidence if he knew a seizure was imminent:

The court has struggled over the issue of allowing the copying of the hard drive. This is a serious invasion of privacy and is certainly not a standard remedy... The tipping point for the court comes from evidence that the defendants – in their own words – are hackers. By labeling themselves this way, they have essentially announced that they have the necessary computer skills and intent to simultaneously release the code publicly and conceal their role in that act. And concealment likely involves the destruction of evidence on the hard drive of Thuen’s computer. For these reasons, the court finds this is one of the very rare cases that justifies seizure and copying of the hard drive.

The plaintiff also obtained a temporary restraining order against Thuen and Southfork Security without prior notice primarily because, again, the Southfork website declared “we like hacking things and we don’t want to stop".

This statement was used to prop up the claimants' argument that Thuen and Southfork "have the technical ability to wipe out a hard drive [and] will do precisely that when faced with allegations of wrongdoing". That would seem to fall short of the usual legal test for granting a restraining order, that the defendants have “a history of disposing of evidence or violating court orders”, but the district court granted the restraining order nonetheless.

The order prevents Thuen and his company from releasing any of the contested source code.

Battelle’s lawyers also raised national security concerns by arguing that releasing the Sophia utility as open-source code would hand strategic and vital information to wannabe power-plant hackers. Thuen and Southfork were not given the opportunity to appear before the court and contest this argument before the seizures were carried out and the restraining order on the business imposed.

A good overview of the whole contentious case so far can be found in a blog post by control system security consultancy Digital Bond. ®

Updated to add

There is a debate over whether the court's ruling ran roughshod over a person's rights against unreasonable seizures as enshrined in the US Constitution's Fourth Amendment: some have argued that such protections do not extend to discovery requests in private civil cases.

Build a business case: developing custom apps

More from The Register

next story
Munich considers dumping Linux for ... GULP ... Windows!
Give a penguinista a hug, the Outlook's not good for open source's poster child
Yes, but what are your plans if a DRAGON attacks?
Local UK gov outs most ridiculous FoI requests...
Detroit losing MILLIONS because it buys CHEAP BATTERIES – report
Man at hardware store was right: name brands DO last longer
Govt control? Hah! It's IMPOSSIBLE to have a successful command economy
Even Moore's Law can't help the architects of statism now
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
This'll end well: US govt says car-to-car jibber-jabber will SAVE lives
Department of Transportation starts cogs turning for another wireless comms standard
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
New voting rules leave innocent Brits at risk of SPAM TSUNAMI
Read the paperwork very carefully - or fall victim to marketing shysters
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.